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Monge, Elaine (SCA) 


From: 

Sent: 

To: 

Subject: 

pcurtis@chincurtis.com <noreply+c0a2fdc814f89fb9@formstack.com> 

Friday, July 15, 2016 6:16 PM 

Breaches, Data (SCA) 

Security Breach Notifications 
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Formstack Submission for form Security Breach Notifications 

Submitted at 07/15/16 6:15 PM 

Business Name: 

Chin & Curtis, LLP 

Business Address: 

75 Federal Street 


Boston, MA 02110 

Company Type: 

Other 

Your Name: 

Philip Curtis 

Title: 

Managing Partner 

Contact Address: 

75 Federal Street 


Boston, MA 02110 

Telephone Number: 

(617) 748-5188 

Extension: 


Email Address: 

pcurtis(a)chincurtis.com 

Relationship to Org: 

Owner 

Breach Type: 

Paper 


Date Breach was Discovered: 05/31/2016 

Number of Massachusetts Residents 1 
Affected: 


Person responsible for data breach.: Current Employee 

Please give a detailed explanation of We are an immigration law firm and file petitions and applications with 

how the data breach occurred.: USCIS that contain individuals’ first and last names and Social 

Security numbers. Upon approval, we send the employee an original 
paper copy of the submission. On May 30, 2016 we prepared an H-1B 
approval package forX. The H-1B approval package mistakenly 
included a paper copy of the H~1B filing for N. X contacted us on May 
31 and said that he had received documents that were not his. The 
paralegal responsible for preparing the approval package met X within 
minutes to collect N's petition and to provide X with a copy of his own 
H-1B petition. 
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Please select the type of personal Social Security Numbers = Selection(s) 
information that was included in the 
breached data.: 


Please check ALL of the boxes that 
apply to your breach.: 


The person(s) with possession of personal information had authorized 
access = Selection(s) 


For breaches involving paper: A lock N/A 
or security mechanism was used to 
physically protect the data.: 

Physical access to systems Yes 

containing persona! information was 
restricted to authorized personnel 
only.: 


Network configuration of breached N/A 
system: 


For breaches involving electronic N/A = Selection(s) 
systems, complete the following: 


Ail Massachusetts residents affected Yes 
by the breach have been notified of 
the breach.: 


Method(s) used to notify 
Massachusetts residents affected by 
the breach (check all that apply):: 


US Mail = Selection(s) 
Other = Selection(s) 


Date notices were first sent to 06/06/2016 

Massachusetts residents 

(MM/DD/YYYY): 


All Massachusetts residents affected Yes 
by the breach have offered 
complimentary credit monitoring 
services .: 


Law enforcement has been notified No 
of this data breach.: 


Please describe how your company 
responded to the breach. Include 
what changes were made or may be 
made to prevent another similar 
breach from occurring.: 


Going forward, we will provide approval packets to employees via 
secure electronic transmission. This should eliminate inadvertently 
packaging the wrong documents with an approval package as all 
materials included in the package are contained in an electronic file 
that relates solely to the individual who is the subject of the approval 
package. Electronic transmission of approval packets involves 
uploading the relevant documents from the beneficiary’s electronic file 
to a secure portal which is then accessed by the beneficiary. It would 
be almost impossible in this process to inadvertently upload 
documents relating to a different individual. Deliberately uploading 
documents belonging to a different beneficiary would be a direct 
violation of the Chin & Curtis WISP and would be cause for dismissal. 
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